News and Updates

NEA BACKS UP NPC IN ENFORCING DATA PRIVACY ACT

February 9, 2018

Emphasizing the need to protect the personal information of their stakeholders against digital threats, the National Electrification Administration (NEA) urged anew all electric cooperatives (ECs) to strictly comply with the requirements of Data Privacy Law.

This comes after the state-run agency hosted a Data Privacy Summit for its employees and some 154 data protection officers (DPOs) and general managers from 94 ECs at its auditorium in Diliman, Quezon City last Tuesday (February 6).

Organized in cooperation with the National Privacy Commission (NPC), the gathering aimed to provide the NEA and its partner ECs deeper understanding of Republic Act (RA) 10173, otherwise known as the Data Privacy Act of 2012.

Administrator Edgardo Masongsong told summit participants it is paramount for companies engaged in public utilities to be well-informed about this law so they can keep up with the rapidly evolving digital economy.

“Because of advanced technology where storage of electronic data became possible, we have customer data and related information under our custody which, owing to it being sensitive or personal, must be protected against security breaches, system errors, and ethical scandals.

As primary players in the implementation of the Data Privacy Act, due mainly to the posts we hold in our offices, we are held accountable for what we do with customer data and to protect that data as well from third parties,” the NEA chief said.

Keynoting the summit was Privacy Commissioner Raymund ‘Mon’ Liboro himself, who gave an insightful briefing on the salient points of the law, and how its proper implementation can help prevent technological risks from turning into full-blown business disasters.

“Data privacy protection is a combination of—if you’re going to ask me—a little of IT (information technology), a little of legal, a little risk management and a whole lot of common sense,” he explained.

As data has apparently overtaken oil as the world’s most valuable resource in the digital age, Liboro said many enterprises are investing on information security, not only to protect the welfare of their customers but their companies’ financial health as well.

The former assistant secretary of the Department of Science and Technology said the impact of large scale data breaches is similar to that of natural calamities, which can be mitigated proactively through stringent privacy policies and stronger database management systems.

“Our philosophy is simple and I suggest you also embrace this philosophy. It’s a risk management approach. You identify your risk as an individual and your risk as a company… Kailangan i-manage po natin ito dahil mahal mag-respond to a disaster,” Liboro said.

In view of this, Masongsong issued Memorandum No. 2018-008, enjoining ECs which are yet to designate their respective DPOs to follow suit, as per NPC advisory. This was already prescribed under the previous memo released by the agency in September last year.

“Accordingly, this is in preparation for Phase 2 compliance process which is the registration of the personal data processing systems of personal information controllers and processors due on March 8, 2018,” the memo read.

Also present to address other questions and concerns of the ECs with respect to RA 10173 during the summit were NPC division chiefs Dr. Rolando Lansigan (Compliance and Monitoring) and Atty. Francis Acero (Complaints and Investigation).

The activity was part of the series of DPO assemblies conducted by NPC since last year to help government agencies and other organizations comply with the Data Privacy Act, which was designed to bring the Philippines up to speed on the global standards of data security. ###